django-rest-framework-simplejwt
A JSON Web Token authentication plugin for the Django REST Framework.
Today I found out that if I take the access token and decode it using this https://jwt.io/ website and if I change the payload, suppose change the user id sent in it, the jwt code also changes. And when I put this manipulated jwt code in as auth header it still works somehow. Wasn't the simple jwt library supposed to check if payload is changed before authorizing access? What could be the issue here?
So, I was using djangorestframework-simplejwt for token-based authentication with DRF.
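An added example, not part of the original post and not simplejwt's own code: a minimal HS256 sign/verify in standard-library Python showing what a verifier does with a token whose payload was edited, both when the old signature is kept and when the signature is recomputed under a key the server does not hold. The key values, claim values and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed keys for illustration only.
SERVER_KEY = b"constructed-server-signing-key"
OTHER_KEY = b"constructed-key-the-server-does-not-hold"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign(payload: dict, key: bytes) -> str:
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(payload)
    return signing_input + "." + b64url(mac(signing_input, key))

def verify(token: str, key: bytes) -> Optional[dict]:
    """Return the claims only if the HS256 signature matches under `key`."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        expected = mac(header_b64 + "." + payload_b64, key)
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        if not hmac.compare_digest(b64url_decode(sig_b64), expected):
            return None  # payload or header changed, or wrong key
        return json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None  # malformed token

def edit_payload_keep_signature(token: str, **changes) -> str:
    """Change claims but reuse the old signature (a hand-edited token)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = {**json.loads(b64url_decode(payload_b64)), **changes}
    return ".".join((header_b64, encode_part(claims), sig_b64))

original = sign({"token_type": "access", "user_id": 1}, SERVER_KEY)
edited = edit_payload_keep_signature(original, user_id=2)
resigned = sign({"token_type": "access", "user_id": 2}, OTHER_KEY)
print(verify(original, SERVER_KEY), verify(edited, SERVER_KEY), verify(resigned, SERVER_KEY))
```

Only the original token verifies under `SERVER_KEY`; a token is valid solely with respect to the key that produced its signature, so an edited token is accepted only when it was signed with the verifier's own key or when the signature check is not being applied.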